Hackers hoarding Windows XP exploits for cut-off bonanza

With just under a month until support for Windows XP ends, the security community has warned that hackers are hoarding exploits to let loose on unsuspecting firms once the cut-off passes.

After 8 April Microsoft will not release any more updates for the platform. This means that any holes in the platform that hackers exploit will not be patched, presenting them with a potential gold mine.

Trouble ahead

Mark Brown, director of information security at EY, told V3 that he believes the end of support for XP will open the floodgates for hackers to release all manner of attacks.

“There could be a nightmare scenario where it becomes the Wild West, or it could be another Y2K situation where nothing actually happens,” he said.

“However, given how prevalent cyber issues have become, I would be surprised if there is not a stock of zero-day exploits waiting to be released in April.”

Trend Micro security director Rik Ferguson is of the same opinion. “There will be vulnerabilities that will be exploited – that is a given,” he told V3. “It would be short-sighted to claim all the vulnerabilities have been found, because there will still be exploits.”

Finnish security firm F-Secure was similarly candid in its assessment of the situation. "When (not if) a powerful zero-day exploit makes its way to market – that's when the real concerns begin and important questions will be asked," it said in a recent security report.

Jason Steer, director of technology strategy at FireEye, added: "Opportunist attackers won’t want to miss the chance to attack a platform that no longer patches against new zero-day attacks."

Computerworld - Two months after Microsoft withdrew support for Windows XP, the catastrophic wave of exploits that security experts predicted would quickly wash over the aged operating system has failed to materialize.

Microsoft provided its last regularly-scheduled security updates for Windows XP on April 8, making only a single one-time exemption several weeks later when it patched a then-being-exploited vulnerability in Internet Explorer, including the browser on XP.